# Security

Onboarding the next 1 billion users to Web3 will require building trust through transparency and openness. Auditability and accountability are key pillars in building that trust.

### Smart Contract Audits

All audits to date were carried out by Hacken.

* Audit 3 – October 4, 2024\
  [View Report](https://links.joincommonwealth.xyz/SCASep2024)
* Audit 2 – April 12, 2024\
  [View Report](https://links.joincommonwealth.xyz/SCAMar2024)
* Audit 1 – December 26, 2023\
  [View Report](https://links.joincommonwealth.xyz/SCANov2023)

### GitHub repositories

The WLTH core contributors are deeply committed to open source software and to building in the open. Due to the wide-ranging uses and implications of the technology being built, and in the face of commercial interest in several parts of the system, it has been decided not to open source the protocol just yet. Links to the GitHub source code repositories will be made available here over time based on community vote.

### User-centred privacy model

All personally identifiable user information is encrypted in transit and at rest. In addition, all personally identifiable information (PII) in the databases is salted, making it unreadable by humans should it ever be accessed outside of the system. Matomo is used as the analytics core, the same open source, privacy-first analytics platform used by the EU organisations behind GDPR. The system is self-hosted and managed on public cloud, but only with trusted Tier 1 providers.

### Anti-sybil measures and 2FA

The system requires a single unique email address and at least one ERC-20 compatible wallet in order to secure and authenticate your account. This helps ensure fair representation in the community and helps prevent governance attacks on the protocol by improving sybil-resistance. This will also be used to offer two-factor account authentication to users as an optional layer of account protection.

### Anti-collusion

The system detects and prevents collusion amongst project participants and community members via social graph and role-based authentication enforced via token-gating and smart contracts.

### Anti-bot

A multi-layered system protects against bots. Cloudflare blocks bots at the network level using machine learning, while proprietary monitoring detects bot-like behavior within the application.

### On-chain Governance

Initial off-chain governance will be via Snapshot or token-gated voting in the Community forums in the app. For on-chain governance the plan is to build our governance infrastructure on top of ColonyDAO’s framework and technology. See the ‘Governance’ section for more info.

